Digital payload sharing protection

ABSTRACT

A computing device includes a network interface, a storage controller, a sharing tool and a protection service. The network interface communicatively couples the computing device to one or more computing devices. The storage controller is configured to access a plurality of digital payloads. Each of the digital payloads is associated with a plurality of access tags including content tags and context tags. The sharing tool is configured to share, with a recipient computing device via the network interface, a selected digital payload. The protection service configured to automatically control sharing of the selected digital payload with the recipient computing device based on determining that a prospective recipient associated with the recipient computing device has a work designation or a personal designation that is inconsistent with one or both of a context indicated by the context tags and a content indicated by the content tags.

BACKGROUND

A user may have different types of relationships with differentcontacts. For example, a user may have a group of friends that isseparate from a group of co-workers. Moreover, some contacts may havemore than one type of relationship with the user. For example, aparticular contact may be both a friend and a co-worker. Such differenttypes of relationships may affect a manner in which the usercommunicates with the different contacts.

SUMMARY

This Summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This Summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used to limit the scope of the claimed subject matter. Furthermore,the claimed subject matter is not limited to implementations that solveany or all disadvantages noted in any part of this disclosure.

A computing device includes a network interface, a storage controller, asharing tool, and a protection service. The network interfacecommunicatively couples the computing device to one or more computingdevices. The storage controller is configured to access a plurality ofdigital payloads. Each of the digital payloads is associated with aplurality of access tags including content tags and context tags. Thesharing tool is configured to share, with a recipient computing devicevia the network interface, a selected digital payload. The protectionservice configured to automatically control sharing of the selecteddigital payload with the recipient computing device based on determiningthat a prospective recipient associated with the recipient computingdevice has a work designation or a personal designation that isinconsistent with one or both of a context indicated by the context tagsand a content indicated by the content tags.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a computing device configured to share digital payloadswith one or more remote computing devices via a computer network.

FIGS. 2A-2F show different scenarios of automatically controllingsharing of a selected digital payload based on a prospective recipienthaving a work designation that is inconsistent with one or more of acontent, a context, and a sharing context of the selected digitalpayload.

FIGS. 3A-E show different scenarios of automatically controlling sharingof a selected digital payload based on a prospective recipient having apersonal designation that is inconsistent with one or more of a content,a context, and a sharing context of the selected digital payload.

FIGS. 4A-B show a scenario of automatically controlling sharing of aselected digital payload based on a sharing context and a prospectiverecipient having a personal designation that is inconsistent with a workcontent and a work context of the selected digital payload.

FIG. 5 shows a computing system.

DETAILED DESCRIPTION

A user may use a computer to share different information with a widerange of different recipients. In some scenarios, when a computingdevice has no sharing protections in place, a user accidentally mayshare information with an unintended recipient. In some such scenarios,the accident may have negative ramifications for the user. For example,the user accidentally may send personal content that is not suitable fora work environment to a co-worker. In another example, the user mayaccidentally leak secret work information to a personal contact.

Accordingly, the present description is directed to an approach forautomatically controlling sharing of a digital payload with aprospective recipient based on respective category designations of thedigital payload and the prospective recipient. More particularly, suchan approach may recognize a condition in which a category designation ofthe prospective recipient is inconsistent with one or both of a contextcategory and a content category of the digital payload, andautomatically employ control measures to prevent the digital payloadfrom accidentally being shared with the prospective recipient.Accordingly, such an approach may provide automatic control to ensurethat a user is sharing digital payloads in a manner that is content andcontext appropriate.

FIG. 1 shows an example computing device 100 in simplified form. Thecomputing device 100 is associated with a user and may be referred toherein as a user computing device. The computing device 100 includes astorage machine 102 configured to hold a plurality of network-shareabledigital payloads 104. The plurality of digital payloads 104 may includeany suitable digital, machine-readable form of a communication or amedia content item that can be shared with one or more prospectiverecipients. Non-limiting examples of a digital payload may include, butare not limited to, a digital image or photograph, digital video (e.g.,previously-generated video or a live video stream), digital audio (e.g.,a voice call, a song, a spoken word or other sound track), a document(e.g., text file, presentation, spreadsheet, database), a file, and amessage (e.g., an email, a short message service (SMS) or text message,a social network post/message).

The plurality of digital payloads 104 may be generated based on anysuitable computing activity. For example, the user may generate adigital payload via the computing device 100. In another example, thecomputing device 100 may receive a digital payload from a remotecomputing device.

The computing device 100 optionally includes a tagging tool 112configured to generate and/or modify a plurality of access tags 106 ofone or more of the plurality of digital payloads 104. Each of the accesstags 106 may describe a different characteristic of the correspondingdigital payload 104. The access tags 106 may be used to determine if thedigital payload 104 can be shared with a prospective recipient based onagreement between the access tags and a category designation of theprospective recipient. In particular, the plurality of access tags 106include one or more content tags 108 and one or more context tags 110.

In some implementations, tags may be applied by other computing devices.As such, the description of tagging tool 112 is applicable to taggingtools of cooperating computing devices. For example, a remote computingdevice 126 different than computing device 100 may include a taggingtool 130 configured to generate tags for a plurality of digitalpayloads. In one example, the remote computing device 126 may be part ofa cloud-based network storage device (e.g., an online photo storageservice), and the tagging tool 130 is configured to generate tags fordigital payloads that are saved on the remote computing device. Suchtags may be used by computing device 100 when computing device 100attempts to share the remotely stored digital payloads.

The content tags 108 describe characteristics of content included in thedigital payload 104 that can be used to categorize the digital payload.The content tags 108 may include any suitable descriptive terms. In oneexample where the digital payload is a digital photograph, the contenttags 108 may indicate image features recognized in the digitalphotograph. For example, a digital photograph of a group of people mayinclude content tags that name each of the people in the digitalphotograph and/or that generally are labeled as “people.” In anotherexample, a digital photograph of a dog may include a content tags thatis labeled as “dog.” In another example, a digital photograph of awhiteboard with sketches may include content tags that are labeled“whiteboard” and “sketches.”

In some implementations, the tagging tool 112 includes amachine-learning object-recognition engine to automatically identifyobjects in a digital photograph. The tagging tool 112 may identify ageneric match (this object is a person) and/or a specific match (thisobject is my mother). A machine-learning object-recognition engine maybe trained via supervised and/or unsupervised learning using anysuitable machine learning approach (e.g., decision tree, boosteddecision tree, neural network, etc.).

In another example where the digital payload includes some form of text,such as in a message or a document, the content tags 108 may includekeywords included in the text of the digital payload. Different keywordsmay be associated with different categories that may be used tocategorize the content of the digital payload. In one example, an emailincludes the name of a company or organization at which the user works,and the email is tagged with a content tag that is labeled with thecompany name. In another example, an SMS message includes the keywords“Seattle Mariners”, and the SMS message is tagged with a particularcontent tag that is labeled “Seattle Mariners” as well as a generalcontent tag that is labeled “baseball.”

The context tags 110 describe characteristics of a context of thedigital payload 104 that can be used to categorize the digital payload.The context tags 110 may include any suitable descriptive terms.Non-limiting examples of a context tag include, but are not limited to,a creation time, a creation date, a computing device on which thedigital payload is created, a geographic location at which the digitalpayload was created, an identify of a creator of the digital payload,and a storage location on a computing device on which the digitalpayload is stored.

The tagging tool 112 may be configured to generate access tags 106 forthe digital payloads 104 in any suitable manner. For example, thetagging tool 112 may generate an access tag 106 for a particular digitalpayload 104 when the digital payload is initially created. In anotherexample, the tagging tool 112 may generate or modify an access tag 106of a digital payload 104 based on the digital payload 104 being sharedor used in another manner. For example, the tagging tool 112 may modifya context tag 110 of a digital payload 104 based on the digital payload104 being updated and saved. In particular, the context tag 110 mayindicate an identity of a user that updated the digital payload 104. Inanother example, the tagging tool 112 may generate or modify a tag of adigital payload based on a trigger, event, or condition. For example,the tagging tool 112 may modify a context tag 110 of a digital payload104 based on the digital payload being moved to a different storagelocation of a computing device. In particular, the context tag 110 mayindicate the storage address of the new storage location. In anotherexample, the tagging tool 112 may modify a context tag 110 of a digitalpayload 104 based on the digital payload being moved between differentlycontrolled portions of a computing device. For example, a digitalpayload 104 may be moved from a work controlled portion of the storagemachine 102 to a personal controlled portion of the storage machine 102.The tagging tool 112 may modify the context tag 110 of the digitalpayload 104 to indicate this change in storage location. The taggingtool 112 may modify the tag because the differently controlled portionsof the storage machine 102 may have different access restrictions thatmay affect sharing of digital payloads stored in the differentlycontrolled portions. For example, a digital payload stored in the workcontrolled portion may be accessed by or shared with onlywork-designated users, and a digital payload stored in the personalcontrolled portion may be accessed by or shared with any type of user.

In some implementations, the tagging tool 112 further may be configuredto generate and/or modify category tags for one or more contacts thatmay be prospective recipients of a digital payload. The tagging tool 112may identify a contact in any suitable manner. In one example, thetagging tool 112 may look up a contact from a local list of contactsstored on the computing device 100. In another example, the tagging tool112 may look up a contact from a remote list of contacts stored on aremote computing device, such as a work computing device, a socialnetwork computing device, or a computing device associated with anotherorganization of the user. The tagging tool 112 may generate any suitablenumber of different category tags for a contact. Non-limiting examplesof a category tag may include, but are not limited to, a co-worker, afriend, a club member, a sports team member, a family member, a client,a vendor, a church member, a political party member, a marital status,an age, a nationality, a race, and a sex. In one example of a categorytag having associated sub-category tags, a particular contact may have ahigh-level co-worker tag as well as a plurality of sub-category tagsincluding a works in the research and development department tag, aworks as an analyst tag, a works in building C tag, and a works on the7^(th) floor of building C tag.

The tagging tool 112 may be configured to generate and/or modify acategory tag for a contact in any suitable manner. In one example, thetagging tool 112 generates one or more tags for a contact based on userinput directly indicating the category designations of the contact. Inanother example, the tagging tool 112 generates a category tag of acontact based on recognized information and/or characteristics of thecontact. For example, the tagging tool 112 may generate a category tagof a contact by looking up information about the contact on a socialnetwork profile, a work profile, or another source of information aboutthe contact. The tagging tool 112 may be configured to modify a categorytag of a contact based on any suitable event, trigger, or condition. Forexample, the tagging tool 112 may modify a category tag of a contact toreflect a change of occupation of the contact.

The computing device 100 includes a network interface 114 configured tocommunicatively couple the computing device 100 to one or more remotecomputing devices, via a computer network 124. The network interface 114may include any suitable computer hardware component to connect thecomputing device 100 to the computer network 124. For example, thenetwork interface 114 may include any suitable wired or wirelesscommunication hardware. In the illustrated implementation, the networkinterface 114 may communicatively couple the computing device 100 withthe remote storage computing device 126 and/or any of a plurality ofremote computing devices 132.

The computing device 100 includes a sharing tool 116 configured to sharea selected digital payload with a recipient computing device selectedfrom the plurality of remote computing devices 132. The sharing tool 116may send the selected digital payload to the recipient computing devicevia the network interface 114. The selected digital payload may beselected from any suitable storage location. In some cases, the selecteddigital payload may be selected from the plurality of locally storeddigital payloads 104. In other cases, the selected digital payload maybe selected from a plurality of digital payloads 128 stored on theremote computing device 126. The remote storage computing device 126 maytake any suitable form. In one example, the remote storage computingdevice 126 is a server computing device. In another example, the remotestorage computing device 126 is a cloud computing system. In yet anotherexample, the remote storage computing device 126 is another computingdevice associated with the user, such as a mobile computing device orsmartphone.

The sharing tool 116 may be configured to share any suitable type ofdigital payload 104. For example, the sharing tool 116 may be configuredto send an email, a digital photograph, a video chat, an audio file, anSMS message, or another type of digital payload. In someimplementations, the sharing tool 116 may be configured to share morethan one type of digital payload 104. For example, the sharing tool 116may be configured to send an email that includes an attached document ordigital photograph. In some implementations, the computing device 100may include different sharing tools for different types of digitalpayloads. For example, the computing device may include differentsharing tools for sharing digital photographs and sending SMS messages.The sharing tool 116 may take any suitable form. Non-limiting examplesof the sharing tool 116 may include, but are not limited to, astandalone application, a web application, a background service, acomponent of an operating system, an executable, or another suitablecomputing component.

The computing device includes a storage controller 118 configured toaccess the plurality of network-sharable digital payloads via thestorage machine 102. The storage controller 118 may take any suitableform. In one example, the storage controller is a component of anoperating system. In another example, the storage controller is acomponent of an application. In some implementations, the storagecontroller 118 may include or cooperate with a digital circuit includinglogic configured for storage and access of the plurality of digitalpayloads 104. For example, the storage controller 118 may be configuredto retrieve a selected digital payload from the storage machine 102based on the sharing tool 116 sharing the selected digital payload witha recipient computing device. In some implementations, the storagecontroller 118 is configured to retrieve a selected digital payload froma remote storage location, such as on remote computing device 126.

In some implementations, the computing device 100 includes a contactservice 120 configured to recognize one or more category designations ofa contact based on the contact's one or more category tags. For example,the contact may be a prospective recipient of a digital payload that isbeing shared by the sharing tool 116. The prospective recipient may beassociated with one of the plurality remote computing devices 132. Thecontact service 120 may recognize the category designation(s) of thecontact and pass along the recognized category designations to aprotection service 122 of the computing device 100.

The contact service 120 may analyze a contact's category tags in anysuitable manner to recognize the category designations of the contact.For example, the contact service 120 may recognize category designationsdirectly from the category tags. In another example, the contact service120 may include logic to infer a category designation based ondescriptive terms provided by the category tags.

Moreover, the contact service 120 may analyze the contact's categorytags to recognize the category designations at any suitable time. Forexample, the contact service 120 may recognize the category designationsof a contact when the contact is created. Further, the contact service120 may recognize and/or modify the category designations of a contactwhen a category tag of the contact is modified.

In the illustrated example, the contact service 120 recognizes thatdifferent contacts associated with different remote computing devices132 have one or more different category designations. In particular, thecontact service 120 recognizes that the contacts associated with theremote computing devices 132A-132C have a work designation based on thecontact tags. In other words, the contacts associated with the remotecomputing devices 132A-132C belong to a work group 134. Further, thecontact service 120 recognizes that the contacts associated with theremote computing devices 132A-132B also belong to a marketing departmentgroup 136 that is a sub-group of the work group 134. Further, thecontact service 120 recognizes that the contacts associated with theremote computing devices 132C-132D belong to a personal group 138. Forexample, the personal group could be members of a fantasy footballleague. In this example, the contact associated with the remotecomputing device 132C has both a work designation and a personaldesignation in relation to the user of the computing device 100.

The protection service 122 is configured to automatically controlsharing of a selected digital payload 104 with a recipient computingdevice. In some implementations, the protection service 122 controlssharing of the selected digital payload based on determining whether ornot a prospective recipient associated with the recipient computingdevice has a category designation that is inconsistent with one or bothof a context category and a content category. The protection service 122determines the content category of the digital content item from the oneor more content tags 108 and the context category from the one or morecontext tags 110. In one example, when the sharing tool 116 attempts toshare a selected digital payload 104 with a prospective recipient, theprotection service 122 intervenes and/or intercepts the selected digitalpayload 104 to perform analysis on the prospective recipient and thedigital payload to determine whether or not they are categoricallyconsistent.

The protection service 122 may be configured to allow the sharing tool116 to share the digital payload with the prospective recipient if thecategory designation of the prospective recipient is consistent withboth of the context category and the content category of the digitalpayload. Further, the protection service 122 may automatically controlsharing based on determining that a prospective recipient has a categorydesignation that is inconsistent with a content category and/or acontext category of a digital payload in any suitable manner. In oneexample, the protection service 122 is configured to automaticallycontrol sharing by blocking the selected digital payload from beingshared with the prospective recipient. For example, the protectionservice 122 may block sharing of the selected digital payload with therecipient computing device based on determining that the prospectiverecipient has a personal designation and the selected digital payloadhas one or both of a work context and a work content. In anotherexample, the protection service 122 may block sharing of the selecteddigital payload with the recipient computing device based on determiningthat the prospective recipient has a personal designation and theselected digital payload has one or both of a work context and a workcontent.

In another example, the protection service 122 is configured toautomatically control sharing by delaying the selected digital payloadfrom being shared with the prospective recipient until a sending useroverrides a warning. For example, the protection service 122 may delaysharing of the selected digital payload with the recipient computingdevice based on determining that the prospective recipient has apersonal designation and the selected digital payload has one or both ofa work context and a work content. In another example, the protectionservice 122 may delay sharing of the selected digital payload with therecipient computing device based on determining that the recipient has awork designation and the selected digital payload has one or both of apersonal context and a personal content.

In another example, the protection service 122 is configured toautomatically control sharing by delaying sharing of the selecteddigital payload with the recipient computing device until a portion ofcontent is removed from the selected digital payload. For example, inthe case of a digital payload including text, such as an email or an SMSmessage, the protection service 122 may determine that the digitalpayload is categorically inconsistent with the prospective recipientbased on particular keywords in the text indicated by the content tags.Accordingly, the protection service 122 may present a recommendation toremove such keywords or make other changes to the content to make thedigital payload more categorically consistent with the prospectiverecipient.

In another example, the protection service 122 is configured toautomatically control sharing by recommending one or more alternativerecipients having a category designation that is consistent with thecontext category and the content category of the selected digitalpayload.

In some implementations, the protection service 122 may be furtherconfigured to automatically control sharing of the selected digitalpayload with the recipient computing device based on determining that asending context is inconsistent with a category designation of theprospective recipient. The sending context may include one or morecharacteristics that define conditions when a digital payload is beingshared with a prospective recipient. The sending context may provide anadditional layer of logic or analysis beyond the context and content ofa digital payload. In some scenarios, the protection service 122 may usethe sending context to make a determination about categoricalconsistency between a digital payload and a prospective recipient whenthe content and context of the digital payload do not provide a clearanswer.

The protection service 122 may determine that a sending context isinconsistent with a category designation of a prospective recipient inany suitable manner. In one example, the sending context indicates thata time at which the selected payload is being shared is during atimeframe associated with a particular category, such as a worktimeframe or a personal timeframe. In another example, the sendingcontext indicates that a time at which the selected digital payload isbeing shared is within a threshold duration of a type of activityperformed on the computing device 100 that is associated with aparticular category, such as a work activity or personal activity. Inanother example, the sending context indicates that the selected digitalpayload is being shared from a computing device associated with aparticular category, such as a work-designated computing device or apersonal-designated computing device. In another example, the sendingcontext indicates that the selected digital payload is being sharedusing an identity (e.g., an email address, social network profile)associated with a particular category, such as a work-designatedidentity or a personal-designated identity. In another example, thesending context indicates that the selected payload is being sharedduring computing activity with a contact associated with a particularcategory, such as a work-designated contact or a personal-designatedcontact.

By performing such categorical consistency analysis and subsequentautomatic sharing control, the protection service 122 may reduce thelikelihood of the sharing tool 116 sharing a digital payload that is notcategorically consistent with a prospective recipient relative to aconfiguration that provides no such protections.

The protection service 122 may take any suitable form. Non-limitingexamples of the protection service 122 may include, but are not limitedto, a standalone application, a web application, a background service, acomponent of an operating system, an executable, or another suitablecomputing component. In some implementations, the protection service 122may be part of the sharing tool 116. In other implementations, theprotection service 122 may be a standalone application that monitors thesharing tool 116.

In some implementations, the protection service 122 may be at leastpartially implemented by other computing devices. As such, thedescription of protection service 122 is applicable to protectionservices of cooperating computing devices. For example, the protectionservice 122 may be implemented as part of a user-controlled email serverand/or a remote cloud-computing email server.

FIGS. 2A-2F, 3A-3E, and 4 show example scenarios in which the protectionservice 122 automatically controls sharing of a selected digital payloadwith a prospective recipient. FIG. 2A shows an example scenario in whicha user attempts to share a plurality of digital payloads including anemail message 200 and a digital photograph 202 with the user's pal.However, the user accidently provides an email address of the user'sboss instead of the user's pal. In other words, the user indicates tothe sharing tool 116 that the user's boss is the prospective recipient204 of the digital payloads 200 and 202.

The protection service 122 may intervene prior to the sharing tool 116sharing the digital payloads 200 and 202 with the prospective recipient204 in order to determine whether a content and/or a context of each ofthe digital payloads 200 and 202 are consistent with a categorydesignation of the prospective recipient 204. The protection service 122automatically controls sharing of the digital payloads 200 and 202 basedon such determinations.

In this scenario, the email 200 includes content tags indicating thatthe content of the email includes keywords related to “baseball” and theuser's “pal.” As such, the protection service 122 determines that theemail 200 is directed to personal content based on the content tags.Further, the email 200 includes context tags indicating that the email200 is generated on the user's smartphone while the smartphone isgeographically located at the baseball stadium. As such, the protectionservice 122 determines that the email 200 has a personal context basedon the context tags. The digital photograph 202 includes content tagsindicating that image features of the digital photograph are related to“baseball.” As such, the protection service 122 determines that thedigital photograph 202 is directed to personal content based on thecontent tags. Further, the digital photograph 202 includes context tagsindicating that the digital photograph 202 is generated on the user'ssmartphone while the smartphone is geographically located at thebaseball stadium. As such, the protection service 122 determines thatthe digital photograph 202 has a personal context based on the contexttags. Furthermore, the protection service 122 determines that thesending context is personal in nature base on the digital payloads 200and 202 being sent from the geographic location of the baseball stadium,which is not a work-designated location.

In this scenario, the digital payloads 200 and 202 include informationof a personal nature that is not meant for the user's boss. Accordingly,if the user were allowed to accidentally share the digital payloads 200and 202 with the user's boss, then the user could face negativerepercussions for mistakenly sharing such information. However, theprotection service 122 determines that the digital payloads 200 and 202are personal, and therefore inconsistent with the work designation ofthe user's boss. Accordingly, the protection service 122 automaticallycontrols sharing of the digital payloads 200 and 202. FIGS. 2B-2F showdifferent manners in which the protection service 122 can automaticallycontrol sharing of the digital payloads 200 and 202 to reduce alikelihood of the user accidentally sharing the digital payloads 200 and202 with the user's boss.

In FIG. 2B, the protection service 122 automatically controls sharing ofthe digital payloads 200 and 202 by blocking the sharing tool 116 fromsharing the digital payloads 200 and 202 with the prospective recipient204. In particular, the protection service 122 does not send the messageand visually presents a notification 206 indicating that the “baseball”email and digital photograph/picture cannot be shared with awork-designated recipient because the email and digitalphotograph/picture are not work-related. In this scenario, theprotection service 122 allows the sharing tool 116 to share onlywork-related digital payloads with work-related recipients.

In FIG. 2C, the protection service 122 automatically controls sharing ofthe digital payloads 200 and 202 by delaying the sharing tool 116 fromsharing the digital payloads 200 and 202 with the prospective recipient204 until the user overrides a warning 208. In particular, theprotection service 122 visually presents the warning 208 asking the userto confirm that the “baseball” email and digital photograph/picture canbe shared with a work-designated recipient even though the email anddigital photograph/picture appear not to be work-related. In thisscenario, the user may select “YES” in order for the protection service122 to allow the sharing tool 116 to share the digital payloads 200 and202 with the work-related recipient 204. On the other hand, if the userselects “NO,” then the protection service 122 would block the sharingtool 116 from sharing the digital payloads 200 and 202 with thework-related recipient 204.

In FIG. 2D, the protection service 122 automatically controls sharing ofthe digital payloads 200 and 202 by recommending an alternativerecipient having a personal designation that is consistent with thecontent and the context of the digital payloads 200 and 202. Inparticular, the protection service 122 visually presents a notification210 asking whether the user would like to send the “baseball” email anddigital photograph/picture to a personal-designated recipient, such asPAL@FRIENDS.COM. In this example, the protection service 122 recommendsan email address associated with the user's pal based on recognizing theuser's pal in the content of the email 200. In another example, theprotection service 122 may recommend other personal-designatedrecipients based on a sharing history of the user. In another example,the protection service 122 may recommend a recipient that has a personaldesignation and further a sub-group designation related to baseball,such as a member of a fantasy baseball league in which the userparticipates. In this scenario, the user may select “YES” in order forthe protection service 122 to replace the email address of the user'sboss with the email address of the user's pal, and allow the sharingtool 116 to share the digital payloads 200 and 202 with the user's pal.

In FIG. 2E, alternatively or in addition to recommending an alternativerecipient as discussed in FIG. 2D, the protection service 122automatically controls sharing of the digital payloads 200 and 202 byrecommending that the digital payloads 200 and 200 be shared using analternative user identity having a personal designation that isconsistent with the content and the context of the digital payloads 200and 202. In particular, the protection service 122 visually presents anotification 212 asking whether the user would like to send the“baseball” email and digital photograph/picture from apersonal-designated identity, such as ME@FRIENDS.COM. In this scenario,the user may select “YES” in order for the protection service 122 toreplace the user's work-designated email address with the user'spersonal-designated email address, and allow the sharing tool 116 toshare the digital payloads 200 and 202 with the user's pal.

In FIG. 2F, the protection service 122 automatically controls sharing ofthe digital payloads 200 and 202 by recommending delaying sharing of thedigital payloads 200 and 202 until a personal timeframe that isconsistent with the personal content and the personal context of thedigital payloads 200 and 202. In particular, the protection service 122visually presents a notification 214 asking whether the user would liketo send the “baseball” email and digital photograph/picture during apersonal-designated timeframe instead of the current work-designatedtimeframe. The protection service 122 may determine work and personaltimeframes in any suitable manner. Further, the protection service 122may determine a current timeframe based on a time 216 when the digitalpayloads 200 and 202 are being shared. Such a determination may beincluded as part of a sharing context determination. In this scenario,the user may select “YES” in order for the protection service 122 todelay the sharing tool 116 from sharing the digital payloads 200 and 202until the personal timeframe, which may occur after a work timeframe,for example.

FIG. 3A shows another example scenario in which a user attempts to sharea plurality of digital payloads including an email message 300 and adigital photograph 302 with the user's boss. However, the useraccidently provides an email address of the user's pal instead of theuser's boss. In other words, the user indicates to the sharing tool 116that the user's pal is the prospective recipient 304 of the digitalpayloads 300 and 302.

The protection service 122 may intervene prior to the sharing tool 116sharing the digital payloads 300 and 302 with the prospective recipient304 in order to determine whether a content and/or a context of each ofthe digital payloads 300 and 302 are consistent with a categorydesignation of the prospective recipient 304. The protection service 122automatically controls sharing of the digital payloads 300 and 302 basedon such determinations.

In this scenario, the email 300 includes content tags indicating thatthe content of the email includes keywords related to “white board” and“sketch.” As such, the protection service 122 determines that the email300 is directed to work content based on the content tags, because theuser is more likely to send white board sketches to a co-worker than acontact having a different category designation. Further, the email 300includes context tags indicating that the email 300 is generated on theuser's work desktop computer while the desktop computer isgeographically located at the user's office. As such, the protectionservice 122 determines that the email 300 has a work context based onthe context tags.

The digital photograph 302 includes content tags indicating that imagefeatures of the digital photograph are related to “white board” and“sketches.” As such, the protection service 122 determines that thedigital photograph 302 is directed to work content based on the contenttags. Further, the digital photograph 302 includes context tagsindicating that the digital photograph 302 is taken at a time when theuser is scheduled to have a meeting with the user's boss. For example,the protection service 122 may recognize the meeting time from theuser's calendar. Further, the context tags indicate that the digitalphotograph was taken at a geographical location of the user's office,and the digital photograph is stored on a computing device within adomain of the user's company. As such, the protection service 122determines that the digital photograph 302 has a work context based onthe context tags.

The protection service 122 determines that the sending context iswork-related based on the digital payloads 300 and 302 being sent fromthe geographic location of the user's office and during a worktimeframe. Moreover, the protection service 122 determines that thedigital payloads 300 and 302 are sent within a threshold time of themeeting with the user's boss—i.e., work-related activity.

In this scenario, the digital payloads 300 and 302 include work relatedinformation. In particular, the digital photograph of the white boardsketches include corporate secrets that are not meant for the user'spal. Accordingly, if the user were allowed to accidentally share thedigital payloads 300 and 302 with the user's pal, then the user couldface negative repercussions for mistakenly sharing such information.However, the protection service 122 determines that the digital payloads300 and 302 are work related, and therefore inconsistent with thepersonal designation of the user's pal. Accordingly, the protectionservice 122 automatically controls sharing of the digital payloads 300and 302. FIGS. 3B-3E show different manners in which the protectionservice 122 can automatically control sharing of the digital payloads300 and 302 to reduce a likelihood of the user accidentally sharing thedigital payloads 300 and 302 with the user's pal relative to aconfiguration that provides no such protections.

In FIG. 3B, the protection service 122 automatically controls sharing ofthe digital payloads 300 and 302 by blocking the sharing tool 116 fromsharing the digital payloads 300 and 302 with the prospective recipient304. In particular, the protection service 122 visually presents anotification 306 indicating that the “white board” email and digitalphotograph/picture cannot be shared with a non-work-designated recipientbecause the email and digital photograph/picture are work-related. Inthis scenario, the protection service 122 allows the sharing tool 116 toshare only work-related digital payloads with work-related recipients.

In FIG. 3C, the protection service 122 automatically controls sharing ofthe digital payloads 300 and 302 by recommending an alternativerecipient having a work designation that is consistent with the contentand the context of the digital payloads 300 and 302. In particular, theprotection service 122 visually presents a notification 308 askingwhether the user would like to send the “white board” email and digitalphotograph/picture to a work-designated recipient, such as BOSS@JOB.COM.In this example, the protection service 122 recommends an email addressassociated with the user's boss based on recognizing that the digitalphotograph was taken during a meeting with the user's boss. In anotherexample, the protection service 122 may recommend other work-designatedrecipients that were present during the meeting based on invitees listedin the user's calendar. In this scenario, the user may select “YES” inorder for the protection service 122 to replace the email address of theuser's pal with the email address of the user's boss, and allow thesharing tool 116 to share the digital payloads 300 and 302 with theuser's boss.

In FIG. 3D, the protection service 122 automatically controls sharing ofthe digital payloads 300 and 302 by recommending an alternativerecipient having a work designation that is consistent with the contentand the context of the digital payloads 300 and 302 based on recognizingcurrent work-related computing activity between the user and thealternative recipient. In particular, the protection service 122recognizes that the user is currently collaborating with the user's bossin a common document, such as a spreadsheet. Accordingly, the protectionservice 122 visually presents a notification 310 asking whether the userwould like to send the “white board” email and digitalphotograph/picture to the email address BOSS@JOB.COM that is associatedwith the user's boss. In this scenario, the user may select “YES” inorder for the protection service 122 to replace the email address of theuser's pal with the email address of the user's boss, and allow thesharing tool 116 to share the digital payloads 300 and 302 with theuser's boss.

In FIG. 3E, the protection service 122 automatically controls sharing ofthe digital payloads 300 and 302 by recommending an alternativerecipient having a work designation that is consistent with the contentand the context of the digital payloads 300 and 302 based on recognizingthat the user is scheduled to meet with the alternative recipient. Forexample, the protection service 122 may recognize that the user has ameeting scheduled with the user's boss from an entry in the user'scalendar and comparing the scheduled meeting time with a current time312. Accordingly, the protection service 122 visually presents anotification 314 asking whether the user would like to send the “whiteboard” email and digital photograph/picture to the email addressBOSS@JOB.COM that is associated with the user's boss. In this scenario,the user may select “YES” in order for the protection service 122 toreplace the email address of the user's pal with the email address ofthe user's boss, and allow the sharing tool 116 to share the digitalpayloads 300 and 302 with the user's boss.

FIG. 4A shows another example in which a user attempts to share aplurality of digital payloads including an email message 400 and adigital photograph 402 with the user's pal. However, the user accidentlyshares a digital photograph that is inconsistent with the categorydesignation of the sharing context and the prospective recipient. Theprotection service 122 may intervene prior to the sharing tool 116sharing the digital payloads 400 and 402 with a prospective recipient404 in order to determine whether a content and/or a context of each ofthe digital payloads 400 and 402 are consistent with a categorydesignation of the prospective recipient 404. The protection service 122automatically controls sharing of the digital payloads 400 and 402 basedon such determinations.

In this scenario, the email 400 includes content tags indicating thatthe content of the email includes keywords related to “baseball.” Assuch, the protection service 122 determines that the email 400 isdirected to personal content based on the content tags. Further, theemail 400 includes context tags indicating that the email 400 isgenerated on the user's personal desktop computer while the personaldesktop computer is geographically located at the user's home. As such,the protection service 122 determines that the email 400 has a personalcontext based on the context tags.

The digital photograph 402 includes content tags indicating that imagefeatures of the digital photograph are related to “white board” and“sketches.” As such, the protection service 122 determines that thedigital photograph 402 is directed to work content based on the contenttags. Further, the digital photograph 402 includes context tagsindicating that the digital photograph 402 was taken at a time when theuser was scheduled to have a meeting with the user's boss. For example,the protection service 122 may recognize the meeting time from theuser's calendar. Further, the context tags indicate that the digitalphotograph was taken at a geographical location of the user's office. Assuch, the protection service 122 determines that the digital photograph402 has a work context based on the context tags.

The protection service 122 determines that the sending context ispersonal based on the digital payloads 400 and 402 being sent from thegeographic location of the user's home and a current time 406 beingwithin a personal timeframe.

In FIG. 4B, the protection service 122 automatically controls sharing ofthe digital payloads 400 and 402 by recommending an alternative digitalpayload that is consistent with the sharing context and categorydesignation of the prospective recipient 404. In particular, theprotection service 122 visually presents a notification 408 indicatingthat the user is trying to share a work related digital photograph to anon-work related recipient outside of a work timeframe. Further thenotification 408 asks whether the user would like to share a personalpicture with PAL@FRIENDS.COM instead. In this scenario, the user mayselect “YES” in order for the protection service 122 to replace thedigital photograph 402 with an alternative digital photograph. Forexample, the protection service 122 may recommend an alternativephotograph that is contextually consistent with the content of the email400.

FIG. 5 schematically shows a non-limiting implementation of a computingsystem 500 configured to automatically control sharing of a selecteddigital payload with a prospective recipient. Computing system 500 isshown in simplified form. Computing system 500 may take the form of oneor more personal computers, server computers, tablet computers,home-entertainment computers, network computing devices, gaming devices,mobile computing devices, mobile communication devices (e.g., smartphone), virtual-reality devices, and/or other computing devices. Forexample, the computing system 500 may be a non-limiting example of thecomputing device 100 of FIG. 1.

Computing system 500 includes a logic machine 502 and a storage machine504. Computing system 500 may optionally include a display subsystem506, input subsystem 508, communication subsystem 510, and/or othercomponents not shown in FIG. 5.

Logic machine 502 includes one or more physical devices configured toexecute instructions. For example, the logic machine 502 may beconfigured to execute instructions that are part of one or moreapplications, services, programs, routines, libraries, objects,components, data structures, or other logical constructs. Suchinstructions may be implemented to perform a task, implement a datatype, transform the state of one or more components, achieve a technicaleffect, or otherwise arrive at a desired result.

The logic machine 502 may include one or more processors configured toexecute software instructions. Additionally or alternatively, the logicmachine 502 may include one or more hardware or firmware logic machinesconfigured to execute hardware or firmware instructions. Processors ofthe logic machine 502 may be single-core or multi-core, and theinstructions executed thereon may be configured for sequential,parallel, and/or distributed processing. Individual components of thelogic machine 502 optionally may be distributed among two or moreseparate devices, which may be remotely located and/or configured forcoordinated processing. Aspects of the logic machine 502 may bevirtualized and executed by remotely accessible, networked computingdevices configured in a cloud-computing configuration.

Storage machine 504 includes one or more physical devices configured tohold instructions executable by the logic machine 502 to implement themethods and processes described herein. When such methods and processesare implemented, the state of storage machine 504 may betransformed—e.g., to hold different data.

Storage machine 504 may include removable and/or built-in devices.Storage machine 504 may include optical memory (e.g., CD, DVD, HD-DVD,Blu-Ray Disc, etc.), semiconductor memory (e.g., RAM, EPROM, EEPROM,etc.), and/or magnetic memory (e.g., hard-disk drive, floppy-disk drive,tape drive, MRAM, etc.), among others. Storage machine 504 may includevolatile, nonvolatile, dynamic, static, read/write, read-only,random-access, sequential-access, location-addressable,file-addressable, and/or content-addressable devices.

It will be appreciated that storage machine 504 includes one or morephysical devices. However, aspects of the instructions described hereinalternatively may be propagated by a communication medium (e.g., anelectromagnetic signal, an optical signal, etc.) that is not held by aphysical device for a finite duration.

Aspects of logic machine 502 and storage machine 504 may be integratedtogether into one or more hardware-logic components. Such hardware-logiccomponents may include field-programmable gate arrays (FPGAs), program-and application-specific integrated circuits (PASIC/ASICs), program- andapplication-specific standard products (PSSP/ASSPs), system-on-a-chip(SOC), and complex programmable logic devices (CPLDs), for example.

When included, display subsystem 506 may be used to present a visualrepresentation of data held by storage machine 504. This visualrepresentation may take the form of a graphical user interface (GUI). Asthe herein described methods and processes change the data held by thestorage machine, and thus transform the state of the storage machine,the state of display subsystem 506 may likewise be transformed tovisually represent changes in the underlying data. Display subsystem 506may include one or more display devices utilizing virtually any type oftechnology. Such display devices may be combined with logic machine 502and/or storage machine 504 in a shared enclosure, or such displaydevices may be peripheral display devices. As a non-limiting example,display subsystem 506 may include the near-eye displays described above.

When included, input subsystem 508 may comprise or interface with one ormore user-input devices such as a keyboard, mouse, touch screen, or gamecontroller. In some implementations, the input subsystem may comprise orinterface with selected natural user input (NUI) componentry. Suchcomponentry may be integrated or peripheral, and the transduction and/orprocessing of input actions may be handled on- or off-board. Example NUIcomponentry may include a microphone for speech and/or voicerecognition; an infrared, color, stereoscopic, and/or depth camera formachine vision and/or gesture recognition; a head tracker, eye tracker,accelerometer, and/or gyroscope for motion detection and/or intentrecognition; as well as electric-field sensing componentry for assessingbrain activity.

When included, communication subsystem 510 may be configured tocommunicatively couple computing system 500 with one or more othercomputing devices. Communication subsystem 510 may include wired and/orwireless communication devices compatible with one or more differentcommunication protocols. As non-limiting examples, the communicationsubsystem may be configured for communication via a wireless telephonenetwork, or a wired or wireless local- or wide-area network. In someimplementations, the communication subsystem 510 may allow computingsystem 500 to send and/or receive messages to and/or from other devicesvia a network such as the Internet.

In an example, a computing device, comprises a network interfacecommunicatively coupling the computing device to one or more remotecomputing devices, a storage controller configured to access a pluralityof network-sharable digital payloads, each of the plurality of digitalpayloads associated with a plurality of access tags including one ormore content tags and one or more context tags, a sharing toolconfigured to share, with a recipient computing device of the one ormore remote computing devices via the network interface, a selecteddigital payload from the plurality of digital payloads, and a protectionservice configured to automatically control sharing of the selecteddigital payload with the recipient computing device based on determiningthat a prospective recipient associated with the recipient computingdevice has a work designation or a personal designation that isinconsistent with one or both of a context indicated by the one or morecontext tags and a content indicated by the one or more content tags. Inthis example, the protection service may be configured to automaticallycontrol sharing by blocking the selected digital payload from beingshared with the prospective recipient. In this example, the protectionservice may be configured to automatically control sharing by delayingthe selected digital payload from being shared with the prospectiverecipient until a sending user overrides a warning. In this example, thecomputing device may further comprise a contact service configured torecognize a tag associated with a prospective recipient as indicatingone or both of a work designation and a personal designation. In thisexample, the one or more context tags may indicate that the selecteddigital payload is stored on one of a work-designated storage device orpersonal-designated storage device. In this example, the one or morecontext tags may indicate that the selected digital payload was createdon a work-designated computing device or a personal-designated computingdevice. In this example, the one or more context tags may indicate thatthe selected digital payload was created at a work-designated locationor a personal-designated location. In an example, the one or morecontext tags may indicate that the selected digital payload was createdduring a work-designated timeframe or a personal-designated timeframe.In this example, the one or more content tags may indicatework-designated keywords or personal-designated keywords included in theselected digital payload. In this example, the one or more content tagsmay indicate work-designated image features or personal-designated imagefeatures included in the selected digital payload. In this example, theprotection service may be further configured to automatically controlsharing of the selected digital payload with the recipient computingdevice based on determining that a sending context is inconsistent withthe prospective recipient. In this example, the sending context mayindicate that a time at which the selected payload is being shared isduring a work timeframe or a personal timeframe. In this example, thesending context may indicate that a time at which the selected digitalpayload is being shared is within a threshold duration of previous workactivity or previous personal activity on the computing system. In thisexample, the sending context may indicate that the selected digitalpayload is being shared from a work-designated computing device or apersonal-designated computing device. In this example, the sendingcontext may indicate that the selected digital payload is being sharedusing a work-designated identity or a personal-designated identity. Inthis example, the sending context may indicate that the selected payloadis being shared during computing activity with a work-designated contactor a personal-designated contact.

In an example, a computing device, comprises a network interfacecommunicatively coupling the computing device to one or more remotecomputing devices, a storage controller configured to access a pluralityof network-sharable digital payloads, each of the plurality of digitalpayloads associated with a plurality of access tags including one ormore content tags and one or more context tags, a sharing toolconfigured to share, with a recipient computing device of the one ormore remote computing devices via the network interface, a selecteddigital payload from the plurality of digital payloads, and a protectionservice configured to automatically control sharing of the selecteddigital payload with the recipient computing device based on determiningthat a prospective recipient associated with the recipient computingdevice has a category designation selected from a plurality of differentcategory designations that is inconsistent with one or both of a contextcategory indicated by the one or more context tags and a contentcategory indicated by the one or more content tags. In this example, theplurality of different category designations may include a workdesignation and a personal designation. In this example, the protectionservice may be further configured to automatically control sharing ofthe selected digital payload with the recipient computing device basedon determining that a sending context is inconsistent with theprospective recipient.

In an example, a computing device, comprises a network interfacecommunicatively coupling the computing device to one or more remotecomputing devices, a storage controller configured to access a pluralityof network-sharable digital payloads, each of the plurality of digitalpayloads associated with a plurality of access tags including one ormore content tags and one or more context tags, a sharing toolconfigured to share, with a recipient computing device of the one ormore remote computing devices via the network interface, a selecteddigital payload from the plurality of digital payloads, a contactservice configured to recognize one or more tags associated with theprospective recipient as indicating one or both of a work designationand a personal designation, and a protection service configured toautomatically control sharing of the selected digital payload with therecipient computing device based on determining that a prospectiverecipient associated with the recipient computing device has a workdesignation or a personal designation that is inconsistent with one ormore of a context indicated by the one or more context tags, a contentindicated by the one or more content tags, and a sending context.

It will be understood that the configurations and/or approachesdescribed herein are exemplary in nature, and that these specificembodiments or examples are not to be considered in a limiting sense,because numerous variations are possible. The specific routines ormethods described herein may represent one or more of any number ofprocessing strategies. As such, various acts illustrated and/ordescribed may be performed in the sequence illustrated and/or described,in other sequences, in parallel, or omitted. Likewise, the order of theabove-described processes may be changed.

The subject matter of the present disclosure includes all novel andnonobvious combinations and subcombinations of the various processes,systems and configurations, and other features, functions, acts, and/orproperties disclosed herein, as well as any and all equivalents thereof.

The invention claimed is:
 1. A computing device, comprising: a networkinterface communicatively coupling the computing device to one or moreremote computing devices; a logic machine; and a storage machine holdinginstructions executable by the logic machine to instantiate: a storagecontroller configured to access a plurality of network-sharable digitalpayloads, each of the plurality of digital payloads associated with aplurality of access tags including one or more content tags and one ormore context tags indicating that the selected digital payload is storedon one of a work-designated storage device or personal-designatedstorage device; a sharing tool configured to share, with a recipientcomputing device of the one or more remote computing devices via thenetwork interface, a selected digital payload from the plurality ofdigital payloads; and a protection service configured to automaticallydelay, at least until a sending user overrides a warning, sharing of theselected digital payload with the recipient computing device based ondetermining that a prospective recipient associated with the recipientcomputing device has a work designation or a personal designation thatis inconsistent with a context indicated by the one or more contexttags.
 2. The computing device of claim 1, wherein the protection serviceis configured to automatically control sharing by blocking the selecteddigital payload from being shared with the prospective recipient.
 3. Thecomputing device of claim 1, further comprising: a contact serviceconfigured to recognize a tag associated with a prospective recipient asindicating one or both of a work designation and a personal designation.4. The computing system of claim 1, wherein the one or more context tagsindicate that the selected digital payload was created on awork-designated computing device or a personal-designated computingdevice.
 5. The computing system of claim 1, wherein the one or morecontext tags indicate that the selected digital payload was created at awork-designated location or a personal-designated location.
 6. Thecomputing system of claim 1, wherein the one or more context tagsindicate that the selected digital payload was created during awork-designated timeframe or a personal-designated timeframe.
 7. Thecomputing system of claim 1, wherein the one or more content tagsindicate work-designated keywords or personal-designated keywordsincluded in the selected digital payload.
 8. The computing device ofclaim 1, wherein the one or more content tags indicate work-designatedimage features or personal-designated image features included in theselected digital payload.
 9. The computing device of claim 1, whereinthe protection service is further configured to automatically controlsharing of the selected digital payload with the recipient computingdevice based on determining that a sending context is inconsistent withthe prospective recipient.
 10. The computing system of claim 9, whereinthe sending context indicates that a time at which the selected payloadis being shared is during a work timeframe or a personal timeframe. 11.The computing system of claim 9, wherein the sending context indicatesthat a time at which the selected digital payload is being shared iswithin a threshold duration of previous work activity or previouspersonal activity on the computing system.
 12. The computing system ofclaim 9, wherein the sending context indicates that the selected digitalpayload is being shared from a work-designated computing device or apersonal-designated computing device.
 13. The computing system of claim9, wherein the sending context indicates that the selected digitalpayload is being shared using a work-designated identity or apersonal-designated identity.
 14. The computing system of claim 9,wherein the sending context indicates that the selected payload is beingshared during computing activity with a work-designated contact or apersonal-designated contact.
 15. A computing device, comprising: anetwork interface communicatively coupling the computing device to oneor more remote computing devices; a logic machine; and a storage machineholding instructions executable by the logic machine to instantiate: astorage controller configured to access a plurality of network-sharabledigital payloads, each of the plurality of digital payloads associatedwith a plurality of access tags including one or more content tags andone or more context tags indicating that the selected digital payload isa work payload stored on a work-designated storage device or created ona work-designated computing device, or a personal payload stored on apersonal-designated storage device or created on a personal-designatedcomputing device; a sharing tool configured to share, with a recipientcomputing device of the one or more remote computing devices via thenetwork interface, a selected digital payload from the plurality ofdigital payloads; and a protection service configured to automaticallydelay, at least until a sending user overrides a warning, sharing of theselected digital payload with the recipient computing device based ondetermining that a prospective recipient associated with the recipientcomputing device has a work designation or a personal designation thatis inconsistent with a context category indicated by the one or morecontext tags.
 16. The computing device of claim 15, wherein theprotection service is further configured to automatically controlsharing of the selected digital payload with the recipient computingdevice based on determining that a sending context is inconsistent withthe prospective recipient.
 17. A computing device, comprising: a networkinterface communicatively coupling the computing device to one or moreremote computing devices; a logic machine; and a storage machine holdinginstructions executable by the logic machine to instantiate: a storagecontroller configured to access a plurality of network-sharable digitalpayloads, each of the plurality of digital payloads associated with aplurality of access tags including one or more content tags and one ormore context tags indicating that the selected digital payload wascreated on a work-designated computing device or a personal-designatedcomputing device; a sharing tool configured to share, with a recipientcomputing device of the one or more remote computing devices via thenetwork interface, a selected digital payload from the plurality ofdigital payloads; and a protection service configured to automaticallydelay, at least until a sending user overrides a warning, sharing of theselected digital payload with the recipient computing device based ondetermining that a prospective recipient associated with the recipientcomputing device has a work designation or a personal designation thatis inconsistent with a context indicated by the one or more contexttags.